Adeel Khan
298d3554fe
Fix templates for XSS code injection via translations
...
This would patch all templates (django/mako)
for a possible XSS code injection via
translation files by HTML escaping them.
LEARNER-4632
2019-06-25 14:22:42 +05:00
Awais Jibran
66298b8761
fix activation emails for login failure
2019-06-12 16:35:56 +05:00
edx-pipeline-bot
de5d25eccc
Merge pull request #20794 from edx/private_to_public_55dd3e1
...
Mergeback PR from private to public.
2019-06-11 19:17:13 +05:00
Josue Balandrano Coronel
df14f5cdf6
[BB-1132] Decrease NAME_MIN_LENGTH to 1
2019-06-06 22:52:00 +02:00
Nimisha Asthagiri
5b29672ed1
Remove microsites from user_authn
...
DEPR-30
2019-05-29 02:20:42 -04:00
noraiz-anwar
34cf433588
rate limit requests for password reset emails
2019-05-23 13:29:36 +05:00
Bill Tucker
eb0f52d110
INCR-211: run python-modernize and isort (#20432)
...
* INCR-211: run python-modernize and isort to support python2 --> python3 transition
* INCR-211: fix pylint errors.
Removed unused module import request and error.
Used import as to avoid too deep a function call.
Altering imports and using suppression of pylint's import error.
* INCR-211: ignore pylint's import error from six module.
* INCR-211: remove unused modules. Ignore pylint import error from six module.
* INCR-211: ignore pylint's import error from six module. Group imports.
* INCR-211: disable error of 'must be called with literal string'
The specific context for this error means we can disable this.
* INCR-211: change import to satisfy pylint by renaming import
* INCR-211: fix imports so six.unichr works.
2019-05-10 12:14:41 -04:00
Amit
3fdb4fc2f5
INCR-235: Run python-modernize and isort on openedx/core/djangoapps/user_authn [tests, user_authn] (#20514)
2019-05-10 10:52:29 -04:00
Nimisha Asthagiri
dfa3728edf
Move django_comment_common from common to openedx
2019-05-03 12:10:18 -04:00
Nimisha Asthagiri
7b4b6c3539
Move notifier and notification_prefs to discussion/
2019-05-03 12:09:47 -04:00
Nimisha Asthagiri
16edae0822
Move comment_client into django_comment_common
2019-05-03 12:07:20 -04:00
Nimisha Asthagiri
ef0e06cc0a
Revert "Discussions consolidation"
2019-05-02 14:59:56 -04:00
Nimisha Asthagiri
df962a31b7
Move django_comment_common to openedx/core/djangoapps/discussion_common
2019-05-01 19:15:02 -04:00
Nimisha Asthagiri
97862d2ed7
Move notifier and notification_prefs to discussion/
2019-05-01 19:13:10 -04:00
Nimisha Asthagiri
2839851bde
Move comment_client into django_comment_common
2019-05-01 19:13:09 -04:00
Bill DeRusha
2b11068622
Revert "Convert Account Activation Emails to edx-ACE"
2019-05-01 16:30:09 -04:00
Ned Batchelder
67008cec68
Merge pull request #18928 from shadinaif/activation-email-to-ace
...
Convert Account Activation Emails to edx-ACE
2019-04-27 15:06:18 -04:00
Shadi Naif
07f588517b
Convert Account Activation Emails to edx-ACE
2019-04-27 13:21:34 +03:00
David Ormsbee
d2acc70f9f
Update user_authn README to new format.
2019-04-25 15:49:43 -04:00
Waheed Ahmed
3bdf83dba7
Update third party auth login page message.
...
LEARNER-5258
2019-04-17 15:20:38 +05:00
Waheed Ahmed
6da5f36a7f
Escape login error messages.
...
Used Text/HTML functions to escape login error messages.
LEARNER-5258
2019-04-15 12:31:00 +05:00
Hammad Ahmad Waqas
7e9b6d3a82
Merge pull request #20195 from edx/hammad/WL-1904
...
WL-1904 | Enrollment view does not support URL-encoded course keys
2019-04-11 11:59:35 +05:00
Douglas Hall
c4a26571cc
Return 401 from login_refresh if the user is not authenticated.
2019-04-10 15:25:32 -04:00
Hammad Ahmad Waqas
75f59decc2
for logout view, encoding and decoding next query param if not already encoded.
2019-04-10 19:41:50 +05:00
Nimisha Asthagiri
9c3472ab24
Merge pull request #19845 from eduNEXT/fmo/studio_sso_over_lms_flag
...
Make the studio login over the lms optional using a feature flag
2019-03-15 08:23:02 -04:00
Nimisha Asthagiri
e4f935aab3
JWT Cookie updates: remove refresh cookie, cookie expires with JWT
...
ARCH-418, ARCH-548
2019-03-12 09:14:33 -04:00
Felipe Montoya
9195ec9f30
Addressing second feedback about redirect logic on logout behind feature flag
2019-03-11 13:09:13 -05:00
Felipe Montoya
14b4223b5e
Addressing feedback
2019-03-11 12:02:38 -05:00
Mike Dikan
2c149ca6be
Removing the deprecated 'external_auth' package in favor of 'third_party_auth', which is the current recommendation.
2019-03-02 16:06:46 -05:00
Matt Hughes
b4664f8377
Add IDV bypass mechanism for bok_choy tests
...
An older test was deleted based on flakiness around the ID
verification process; this test eliminates the dependency on IDV by
enabling manual ID verification (an enterprise-motivated workaround
for IDV requirements) via the auto_auth endpoint.
JIRA:EDUCATOR-1178
2019-02-25 15:58:11 -05:00
Julia Eskew
368f221f0a
Initial start on annotations.
2019-02-19 11:24:21 -05:00
Calen Pennington
832d354962
Merge pull request #19750 from edx/unicode9
...
fix unicode strings in openedx/ part 2
2019-02-15 10:57:29 -05:00
Matthew Piatetsky
444799fb0e
fix unicode strings in openedx/ part 2
2019-02-15 10:15:51 -05:00
Abdul Mannan
583bede6b9
Add email address to LMS account registration event
2019-02-15 00:15:53 +05:00
Nimisha Asthagiri
34201c62e8
Merge pull request #19790 from edx/pwnage101/read-from-extra-list-of-logout-uris
...
Additionally logout from a settings list of extra logout URIs
2019-02-12 22:49:36 -05:00
Troy Sankey
10afe5e52f
Additionally logout from a settings list of extra logout URIs
...
Currently, the LMS logout endpoint should iframe in the logout pages of
all the IDAs you were logged into. In short, this was made possible with
DOP because keeping track of the logout URIs and leaving a trail of
evidence in the user cookies was part of what we added in our fork of
DOP. In the case of DOT, we don't have time or desire to fork DOT to
mirror this behavior, so our stop-gap solution is to log out the user
from a list of logout URIs in settings.
2019-02-12 19:44:41 -05:00
Michael Youngstrom
4bbd1dee0b
Remove shards from commonlib-unit tests
2019-02-12 14:28:35 -05:00
Robert Raposa
a213104790
add user_id scope and claim for JWT cookies
...
The following changes are made to add LMS user_id:
* Adds user_id scope to the JWT to provide the LMS user_id.
* JWT cookies always use the user_id claim.
ARCH-379
2019-02-07 10:44:35 -05:00
Saleem Latif
46d97caa47
Consolidate recovery assistance forms
2019-01-22 15:09:11 +05:00
Diana Huang
15759c2b2f
Merge pull request #19420 from edx/diana/remove-datadog
...
Remove all references to datadog from our code.
2019-01-09 09:07:22 -05:00
Saleem Latif
2c9021e480
Make sure only active AccountRecovery records are used
2019-01-09 16:33:12 +05:00
Diana Huang
6572d99e76
Remove all references to datadog from our code.
2019-01-08 15:41:24 -05:00
Saleem Latif
eaf93d5978
Update sign in email address for continued access
2018-12-31 11:34:05 +05:00
Nimisha Asthagiri
3a45bee3ea
Merge pull request #19453 from edx/arch/cleanup-login
...
Studio login/registration redirects to LMS
2018-12-19 11:52:45 -05:00
Michael Terry
e8555de4b4
Merge pull request #19423 from edx/mikix/password-history-removal
...
Remove PasswordHistory
2018-12-19 09:22:39 -05:00
Saleem Latif
38ac3d5032
Request password reset with recovery email address
2018-12-18 14:20:08 +05:00
Nimisha Asthagiri
886bc4b20b
Studio login/registration redirects to LMS
2018-12-17 20:50:57 -05:00
Nimisha Asthagiri
c7c8e856cd
Check and update login status with all login-related cookies
2018-12-17 13:03:32 -05:00
Michael Terry
01129787c0
Remove PasswordHistory
...
This is a feature that has been deprecated and can be safely removed.
DEPR-7
2018-12-13 13:18:56 -05:00
Diana Huang
30eb003b2e
Merge pull request #19243 from edx/diana/default-login-registration
...
Force new page if not set in site configs.
2018-11-26 10:06:19 -05:00